diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2decba34..55a4ef5d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: block @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: block @@ -87,7 +87,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: block diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1a8dfb5a..408f984b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: # TODO: change to 'egress-policy: block' after couple of runs egress-policy: audit @@ -54,7 +54,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # tag=codeql-bundle-v3.25.11 + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # tag=codeql-bundle-v3.25.13 with: languages: ${{ matrix.language }} @@ -62,7 +62,7 @@ jobs: # Java). If this step fails, then you should remove it and run the build # manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # tag=codeql-bundle-v3.25.11 + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # tag=codeql-bundle-v3.25.13 # ℹī¸ Command-line programs to run using the OS shell. 📚 # https://git.io/JvXDl @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # tag=codeql-bundle-v3.25.11 + uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # tag=codeql-bundle-v3.25.13 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5b5e110d..2d5ccf8a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -12,10 +12,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: # TODO: change to 'egress-policy: block' after couple of runs egress-policy: audit - name: 'Checkout Repository' uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7 - name: 'Dependency Review' - uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # tag=v4.3.3 + uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # tag=v4.3.4 diff --git a/.github/workflows/docker-pytest-image.yml b/.github/workflows/docker-pytest-image.yml index 61ee0a9d..ad5b23c3 100644 --- a/.github/workflows/docker-pytest-image.yml +++ b/.github/workflows/docker-pytest-image.yml @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: audit # allowed-endpoints: > @@ -110,7 +110,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7 - id: setup-python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # tag=v5.1.0 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # tag=v5.1.1 with: python-version: ${{ inputs.python_version }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0b84f21e..7ea1a031 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -60,6 +60,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # tag=codeql-bundle-v3.25.11 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # tag=codeql-bundle-v3.25.13 with: sarif_file: results.sarif diff --git a/.github/workflows/stale-issues.yml b/.github/workflows/stale-issues.yml index f668ef3b..543ee733 100644 --- a/.github/workflows/stale-issues.yml +++ b/.github/workflows/stale-issues.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index b2395442..047b65ab 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # tag=v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # tag=v2.9.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v4.1.7